{ pkgs, config, lib, ... }:
let cfg = config.my.system.boot;
in
{
  options.my.system.boot = with lib; {
    initrd = {
      network = { enable = mkEnableOption "enable SSH with initrd"; };
    };
  };

  config = {
    boot = {
      initrd = {
        network = lib.mkIf cfg.initrd.network.enable {
          enable = true;
          postCommands = ''
            echo "cryptsetup-askpass; exit" > /root/.profile
          '';
          ssh = {
            enable = true;
            port = 2222;
            hostKeys =
              [ /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key ];
            authorizedKeys =
              config.users.users.fcuny.openssh.authorizedKeys.keys;
          };
        };
      };
    };
  };
}